You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2012/04/26 11:52:33 UTC
svn commit: r1330736 - in /cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter: AbstractServiceProviderFilter.java Messages.properties

Author: sergeyb
Date: Thu Apr 26 09:52:33 2012
New Revision: 1330736

URL: http://svn.apache.org/viewvc?rev=1330736&view=rev
Log:
Support for relative RequestAssertionConsumerService URIs

Added:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties   (with props)
Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java?rev=1330736&r1=1330735&r2=1330736&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java Thu Apr 26 09:52:33 2012
@@ -21,10 +21,17 @@ package org.apache.cxf.rs.security.saml.
 import java.io.IOException;
 import java.net.URLEncoder;
 import java.util.Collections;
+import java.util.ResourceBundle;
+import java.util.logging.Logger;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.UriBuilder;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import org.apache.cxf.common.i18n.BundleUtils;
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxrs.ext.RequestHandler;
@@ -45,24 +52,24 @@ public abstract class AbstractServicePro
     
     protected static final String SAML_REQUEST = "SAMLRequest"; 
     protected static final String RELAY_STATE = "RelayState";
+    protected static final Logger LOG = 
+        LogUtils.getL7dLogger(AbstractServiceProviderFilter.class);
+    protected static final ResourceBundle BUNDLE = 
+        BundleUtils.getBundle(AbstractServiceProviderFilter.class);
     
     private String idpServiceAddress;
     private String issuerId;
     private String assertionConsumerServiceAddress;
     
-    public String getAssertionConsumerServiceAddress() {
-        return assertionConsumerServiceAddress;
-    }
-
     public void setAssertionConsumerServiceAddress(
             String assertionConsumerServiceAddress) {
         this.assertionConsumerServiceAddress = assertionConsumerServiceAddress;
     }
 
-    protected boolean checkSecurityContext(Message m) {
-        return false;
+    public void setIssuerId(String issuerId) {
+        this.issuerId = issuerId;
     }
-
+    
     public void setIdpServiceAddress(String idpServiceAddress) {
         this.idpServiceAddress = idpServiceAddress;
     }
@@ -71,6 +78,10 @@ public abstract class AbstractServicePro
         return idpServiceAddress;
     }
 
+    protected boolean checkSecurityContext(Message m) {
+        return false;
+    }
+    
     protected AuthnRequest createAuthnRequest(Message m, Document doc) throws Exception {
         Issuer issuer =
             SamlpRequestComponentBuilder.createIssuer(issuerId);
@@ -91,7 +102,7 @@ public abstract class AbstractServicePro
         
         //CHECKSTYLE:OFF
         return SamlpRequestComponentBuilder.createAuthnRequest(
-                assertionConsumerServiceAddress, 
+                getAbsoluteAssertionServiceAddress(m), 
                 false, 
                 false,
                 "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", 
@@ -130,7 +141,27 @@ public abstract class AbstractServicePro
         return info;
     }
     
-    public void setIssuerId(String issuerId) {
-        this.issuerId = issuerId;
+    private String getAbsoluteAssertionServiceAddress(Message m) {
+        if (assertionConsumerServiceAddress == null) {    
+            //TODO: Review the possibility of using this filter
+            //for validating SAMLResponse too
+            reportError("MISSING_ASSERTION_SERVICE_URL");
+            throw new WebApplicationException(500);
+        }
+        if (!assertionConsumerServiceAddress.startsWith("http")) {
+            String httpBasePath = (String)m.get("http.base.path");
+            return UriBuilder.fromUri(httpBasePath)
+                             .path(assertionConsumerServiceAddress)
+                             .build()
+                             .toString();
+        } else {
+            return assertionConsumerServiceAddress;
+        }
+    }
+    
+    protected void reportError(String code) {
+        org.apache.cxf.common.i18n.Message errorMsg = 
+            new org.apache.cxf.common.i18n.Message(code, BUNDLE);
+        LOG.warning(errorMsg.toString());
     }
 }

Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties?rev=1330736&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties (added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties Thu Apr 26 09:52:33 2012
@@ -0,0 +1,21 @@
+#
+#
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+#
+#
+MISSING_ASSERTION_SERVICE_URL=RequestAssertionConsumerService URI is not set

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
------------------------------------------------------------------------------
    svn:mime-type = text/plain